Vulnerability Description
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.4.0 |
References
- http://marc.info/?l=bugtraq&m=105664924024009&w=2
- http://www.debian.org/security/2004/dsa-358
- http://www.debian.org/security/2004/dsa-423PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://www.redhat.com/support/errata/RHSA-2003-368.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2003-408.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=105664924024009&w=2
- http://www.debian.org/security/2004/dsa-358
- http://www.debian.org/security/2004/dsa-423PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://www.redhat.com/support/errata/RHSA-2003-368.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2003-408.html
FAQ
What is CVE-2003-0476?
CVE-2003-0476 is a vulnerability with a CVSS score of 2.1 (LOW). The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file de...
How severe is CVE-2003-0476?
CVE-2003-0476 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0476?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.